Computer Security: Discussion on Homework File Sharing and Security Policies, Assignments of Computer Science

Topics for a computer security class lecture on January 22, 2008. The reading material covers sections 4.1-4.6 of a textbook and pages 1-25 of [Wa70]. The lecture will discuss security through obscurity, types of policies, access control, and high- and low-level policy languages. The class will also discuss whether security policies are violated when students share and read each other's homework files.

Typology: Assignments

Pre 2010

Uploaded on 09/17/2009

koofers-user-ku6
Outline for January 22, 2008

Reading: text, §4.1–4.6; [Wa70], pp. 1–25

Announcement: I am holding additional office hours this week, today from 12:15PM to 1:15PM and Wednesday from 12:00 noon to 1:00PM.

Discussion Problem. A hypothetical computer science department provides a Hypothetical Computer Science Instructional Facility. Students do their homework on the HCSIF computers. Suppose a student in a beginning programming class writes a program but fails to use the protection mechanisms to prevent others from reading it. A second student reads the first student's program.

1. If the security policy of the HCSIF says that students are not allowed to read homework-related files from other students, has the second student violated security? Has the first?
2. If the first student had used the protection mechanisms to prevent other students from reading the file, but the second student figured out a way to read the file, would your answer to part 1 change? If so, how?
3. If the first student told the second student to “feel free to look at my answer, just don't copy it,” would your answer to part 1 change? If so, how?

Lecture Outline

1. “Security through Obscurity”
2. Example of a policy: UC Davis e-mail policy
3. Policy
   a. Sets of authorized, unauthorized states
   b. Secure systems in terms of states
   c. Mechanism vs. policy
4. Types of Policies
   a. Military/government vs. confidentiality
   b. Commercial vs. integrity
5. Types of Access Control
   a. Mandatory access control
   b. Discretionary access control
   c. Originator-controlled access control
6. High-Level Policy Languages
   a. Characterization
   b. Example: DTEL
7. Low-Level Policy Languages
   a. Characterization
   b. Example: Tripwire configuration file

ECS 153, Computer Security, Winter Quarter 2008
Version of January 21, 2008 at 11:05AM, Page 1 of 1
